Infected with the "theguardservices" home page
jerrold3
Newbie
29. April 2006 @ 23:37
My home page is stuck at theguardservices.com. Please help. Not too computer savvy. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:27:38 AM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\WINDOWS\System32\d?xplore.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE38A.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/hw_mm/data/vivo/vvweb.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/m...
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
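
Added example, not part of the original thread: a small triage script for the HijackThis v1.99.1 log layout shown in the post above, flagging entries that deserve a manual look before any removal tool is run. The sample lines are excerpted from that log; the function names and the four heuristics are assumptions chosen for illustration, not verdicts from HijackThis or from the posters.

```python
import re

# Lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\d?xplore.exe
C:\Program Files\QuickTime\qttask.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE38A.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
"""

# Section entries look like "O4 - ..." or "R1 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                processes.append(line)
            else:
                # The process list ends at the first blank line.
                in_processes = False
    return processes, entries


def review(text):
    """Return (code, reason, detail) tuples for entries worth a manual look.

    Heuristics (assumptions of this example, not HijackThis verdicts):
      PROC - file name has a '?' or a non-ASCII character, which is how a
             look-alike name such as a Cyrillic letter inside a Latin name shows up
      F1   - win.ini run= autostart whose path walks through '..'
      O2   - Browser Helper Object loaded from a .tmp file
      O8   - context-menu item that points at a remote URL instead of a local file
    """
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        name = path.rsplit("\\", 1)[-1]
        if "?" in name or not name.isascii():
            findings.append(("PROC", "unrenderable or non-ASCII character in file name", path))
    for code, body in entries:
        if code == "F1" and "\\..\\" in body:
            findings.append((code, "win.ini autostart path contains '..'", body))
        elif code == "O2" and re.search(r"\.tmp(\s|$)", body, re.IGNORECASE):
            findings.append((code, "BHO loaded from a .tmp file", body))
        elif code == "O8" and re.search(r" - https?://", body):
            findings.append((code, "context-menu item points at a remote URL", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review(SAMPLE_LOG):
        print(f"[{code}] {reason}: {detail}")
```

A flagged line is a prompt to check the file on disk and its registry key, not proof of infection; unflagged lines are not cleared by this script either.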
Senior Member
29. April 2006 @ 23:56
Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Boot your computer to SAFEMODE.

Open the folder SmitfraudFix and double-click smitfraudfix.cmd

Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
A text file will appear after the cleaning process; copy this file and paste it here.
The log is saved to your local disk drive, usually C:\rapport.txt.

Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
jerrold3
Newbie
30. April 2006 @ 01:19
I've downloaded the smitfraudfix; however, when I attempt to open it, a window opens for a second tops and closes. I cannot get this to open properly. Any help would be appreciated!
Senior Member
30. April 2006 @ 01:38
Hi jerrold3,

Did you unzip it?

Here are instructions with pictures:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

jerrold3
Newbie
30. April 2006 @ 01:41
File was properly unzipped.
Senior Member
30. April 2006 @ 01:48
Are you sure that you ran the right file?

Try running option #1 and send rapport.txt



jerrold3
Newbie
30. April 2006 @ 01:53
The file was unzipped with all content extracted; however, when I double-click on the file to open it I get the standard popup message of "The publisher could not be verified. Are you sure you want to run this software?" I choose Run, a command prompt type box opens for less than a second and closes. I never get the chance to choose any option at all.
Senior Member
30. April 2006 @ 02:10
All right, let's do it the hard way :)

Please download Smithrem: http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Save it to desktop. Don't run it yet.

Please download Killbox:

http://www.downloads.subratam.org/KillBox.zip
Unzip it to desktop.
Run it.

Choose:

* Delete on Reboot
* Click All Files option.


# Copy and paste the following lines to the clipboard:

C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe

# Return to Killbox, go to File, and choose Paste from Clipboard.

# Click the red-white Delete File. Click Yes on "Delete on Reboot".
Click OK on every question PendingFileRenameOperations asks and let me know if those exist.

Your computer should restart now. If not, reboot it yourself.

If you get the message: Component 'MsComCtl.ocx' or one of its dependencies not correctly registered
Download this and run it. Try again.
http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe

Start the computer in safe mode.
Open the smithrem folder and run "RunThis.bat". Follow the instructions.

Restart normally and send C:\smitfiles.txt and a new HijackThis log.







jerrold3
Newbie
30. April 2006 @ 02:35
Same problem. Downloaded killbox. Ran with no problems. Downloaded smithrem. Unzipped in safe mode. Attempted to run, and same as before a Command prompt style box appears for less than a second and disappears. I'm unable to do anything with this application. Are there any settings you could think of that I could change?
Senior Member
30. April 2006 @ 02:43
Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Boot your computer to safe mode, and scan with Ewido Complete system scan.
Be sure that it scans "every file".
Save the report.

Boot normally and send a fresh HijackThis log and Ewido's report.




This message has been edited since posting. Last time this message was edited on 30. April 2006 @ 02:45

jerrold3
Newbie
30. April 2006 @ 04:39
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:33:22 AM, 4/30/2006
+ Report-Checksum: C11B2AD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{7676F3C7-AF22-0FBA-43EC-F6F7A2599104} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1559617991-2932391519-2664560373-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7676F3C7-AF22-0FBA-43EC-F6F7A2599104} -> Adware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@as.casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@e-2dj6wgk4qmczefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@e-2dj6wjl4gncjcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfkighdpggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfkiwmc5wko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfkougcjobq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfliuhcpehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjk4anc5ilp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjk4gkazsao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjk4wpazclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkoeicjego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkoqjdzmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkowmc5wap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyamcpklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyeod5edq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyeodzcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyogajkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyomdzofp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkysid5cap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjliukajklq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjloajc5ieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjloeic5gco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjlyulcjgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjlyupajmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjlywiajwcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjmiencpofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjmysoc5ehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjny-1ndpsa.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjny-1odjmf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyalcpseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyemc5mfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnygmdzwep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnygoajifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyoldpcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyomdpwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyqjcpmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyspajwgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\dllenpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\gelkcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\jfjlcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\lgbcpmmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\mimapmmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\nafgnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\nbdjcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\ngigeomd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\nmeaeomd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temp\pldgnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Jerrold\Local Settings\Temporary Internet Files\Content.IE5\OLY3416J\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Rocky\Cookies\rocky@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Rocky\Cookies\rocky@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Rocky\Cookies\rocky@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Rocky\Local Settings\Temporary Internet Files\Content.IE5\4P2VWHE3\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\11EA1D99-9A7F-45EC-91D2-D11264\E08E4CEB-A23C-45DD-ACF7-895B52 -> Adware.RXBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\135F80EC-7C03-41F3-BD5D-01566D\577A316E-4C41-4F71-8FC5-72BC8B -> Downloader.Small.aul : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\2ECB4F36-E225-4FEB-BAD3-850FB6 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\55C8AEAD-BA58-48D6-8613-2BC1C6 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\587C057D-4CD2-4D07-8D2E-592211 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\64082C88-92FC-4C47-B658-A3BD9E -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\67DB2A53-9050-4340-98F3-A6F37B -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\849FCBE0-D597-4D28-A035-0E2C93 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\8E5D9478-6AFD-4A3A-837A-8003D7/Points Manager.exe -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\AA9F2DA2-2EA3-4517-8DF5-22E06D -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\AEC09C17-9659-4EB5-B95C-C7A81A/AltnetUninstall.exe -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\B98789DC-BCEB-4587-8DD2-F68E7D -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\F990C526-B388-4478-B77B-17A3C4 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\FDA2205E-57E1-4A51-A3B3-CE4811 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70BFB656-3B71-4C8A-BD55-7B0D7F\4F9AC596-CF2B-4235-8842-08FCE6 -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\86A7E165-DF69-4DD0-AD1D-EE0184\881BECF2-5590-400A-A16A-E947BB -> Downloader.Small.aul : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\98D1ABFE-6AA0-4116-ACE1-A66050\F03EC6EA-5743-4674-9FA1-386210 -> Downloader.Small.aul : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037576.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037583.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037607.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037609.exe -> Hijacker.Small.kg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0055301.exe -> Adware.DealHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\csajj.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\SYSTEM32\dеxplore.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\mscjjn.dll -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM32\msddlc.dll -> Dropper.Siboco.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msiaih.dll -> Adware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\mskplb.dll -> Adware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
C:\WINDOWS\SYSTEM32\zinwaeg05.dll -> Downloader.Lastad.h : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 8:37:24 AM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Support.com\bin\tgcmd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924D.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/hw_mm/data/vivo/vvweb.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/m...
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Senior Member
30. April 2006 @ 05:19
Next step, and probably the last:

Go to safe mode.

Scan with HijackThis.

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924D.tmp
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/hw_mm/data/vivo/vvweb.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

Close all windows and programs, except HijackThis. Click Fix checked.

Remove the following:

C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ >>info32.exe
C:\WINDOWS\system32\ >>hp924D.tmp

Scan with Ewido; please go to settings and choose "all files" and complete system scan. Save the report.

Boot normally and send a fresh HijackThis log and Ewido's report.


Oh, there are no such spammers after all -> tapiiri

http://www.virustorjunta.net/index.php
jerrold3
Newbie
30. April 2006 @ 16:13
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:07:16 PM, 4/30/2006
+ Report-Checksum: 2B3595BD

+ Scan result:

C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055454.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055455.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055456.dll -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055457.dll -> Dropper.Siboco.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055458.dll -> Adware.Ipend : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055459.dll -> Adware.Ipend : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055460.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055461.dll -> Downloader.Lastad.h : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 8:10:57 PM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/m...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
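Added example (not part of the original thread or any poster's code): a small Python check that parses HijackThis entry lines and confirms whether the entries on a fix list are absent from a later scan, ignoring case and the "(file missing)" suffix that comes and goes between scans in this thread. The function names are hypothetical; FIX_LIST and FRESH_LOG are excerpts of lines posted above, and CONSTRUCTED_LOG is made up to show the failure case.

```python
import re

# HijackThis entry lines start with a section code (R0, F1, O2, O16, ...)
# followed by " - "; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for every entry line; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1).upper(), m.group(2)))
    return entries


def entry_key(code, body):
    """Normalise an entry so the same item compares equal across scans.

    Windows paths and GUIDs are case-insensitive, and HijackThis appends
    "(file missing)" only when the target file is absent at scan time.
    """
    body = MISSING_RE.sub("", body.strip())
    return (code, " ".join(body.split()).lower())


def check_fix(fix_list_text, fresh_log_text):
    """Split the fix list into entries gone from, or still in, the fresh log."""
    present = {entry_key(c, b) for c, b in parse_entries(fresh_log_text)}
    result = {"removed": [], "still_present": []}
    for code, body in parse_entries(fix_list_text):
        bucket = "still_present" if entry_key(code, body) in present else "removed"
        result[bucket].append(f"{code} - {body}")
    return result


# Excerpt of the fix list posted at 05:19.
FIX_LIST = r"""
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924D.tmp
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
"""

# Excerpt of the log saved at 8:10:57 PM.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
"""

# Constructed: the same log with two fixed items back, in different
# letter case and without the "(file missing)" suffix.
CONSTRUCTED_LOG = FRESH_LOG + r"""
O2 - BHO: Nothing - {B0398ECA-0BCD-4645-8261-5E9DC70248D0} - C:\WINDOWS\System32\hp924D.tmp
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
"""

if __name__ == "__main__":
    for name, log in (("fresh", FRESH_LOG), ("constructed", CONSTRUCTED_LOG)):
        outcome = check_fix(FIX_LIST, log)
        print(name, "still present:", outcome["still_present"])
```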
jerrold3
Newbie
30. April 2006 @ 16:19
Also, something keeps changing my internet security settings to Low. Could this be spyware/malware related or would it be something else? The yellow blinking triangle with the exclamation point has now returned. This time a message appears saying "System Alert: Adware and Spyware. Your computer performance slowed down. Your internet connection speed has decreased...." Looks like I got rid of theguardservices and have something else. Please help!

This message has been edited since posting. Last time this message was edited on 30. April 2006 @ 16:44

Senior Member
30. April 2006 @ 20:14
Hi jerrold3,

Please download Process Explorer
http://www.sysinternals.com/files/procexpnt.zip

Unzip it to its own folder and run it.
Choose "View" and check that these lines are marked

Show processes from all users.
Show Lower Pane
Lower Pane View DLL's

Then click Explorer.exe in that window.
Then select "File" > Save As > and save the log.
Send that log here please.

Oh, there are no such spammers after all -> tapiiri

http://www.virustorjunta.net/index.php
jerrold3
Newbie
30. April 2006 @ 22:29
Process PID CPU Description Company Name
System Idle Process 0 81.82
Interrupts n/a 1.52 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 596 Windows NT Session Manager Microsoft Corporation
csrss.exe 644 Client Server Runtime Process Microsoft Corporation
winlogon.exe 668 Windows NT Logon Application Microsoft Corporation
services.exe 712 1.52 Services and Controller app Microsoft Corporation
svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 952 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1432 Spooler SubSystem App Microsoft Corporation
cisvc.exe 1788 Content Index service Microsoft Corporation
CIDAEMON.EXE 3952 Indexing Service filter daemon Microsoft Corporation
ewidoctrl.exe 1812 ewido control ewido networks
ewidoguard.exe 1828 guard ewido networks
Mcdetect.exe 1864 McAfee WSC Integration Service McAfee, Inc
McTskshd.exe 2016 McAfee Task Scheduler McAfee, Inc
mcvsrte.exe 252 McAfee VirusScan Real-time Engine Networks Associates Technology, Inc
nvsvc32.exe 308 NVIDIA Driver Helper Service, Version 52.16 NVIDIA Corporation
sdhelp.exe 452 PC Tools Research Pty Ltd
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 1012 Windows User Mode Driver Manager Microsoft Corporation
McShield.exe 2152 12.12 NT On-Access Scanner service. Network Associates, Inc.
alg.exe 2624 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 1532 iPodService Module Apple Computer, Inc.
lsass.exe 724 LSA Shell (Export Version) Microsoft Corporation
csrss.exe 3612 1.52 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1320 Windows NT Logon Application Microsoft Corporation
mcvsftsn.exe 2980 McAfee VirusScan Instant Messenger Scan Module Networks Associates Technology, Inc
msmsgs.exe 4040 Windows Messenger Microsoft Corporation
explorer.exe 1676 Windows Explorer Microsoft Corporation
DSentry.exe 168 DVDSentry Dell - Advanced Desktop Engineering
mcvsshld.exe 152 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
McVSEscn.exe 212 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
mcagent.exe 204 McAfee SecurityCenter Agent McAfee, Inc
jusched.exe 236 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
WkUFind.exe 320 Microsoft® Works Update Detection Microsoft® Corporation
tgcmd.exe 492 Support.com Scheduler and Command Dispatcher Support.com, Inc.
moffice.exe 552 MOffice MFC Application
mouse32a.exe 1232
qttask.exe 884 QuickTime Task Apple Computer, Inc.
DSAgnt.exe 1124 Dell Support Gteko Ltd.
iexplore.exe 3696 Internet Explorer Microsoft Corporation
outpost.exe 1516 Outpost Firewall main module Agnitum Ltd.
iexplore.exe 3728 Internet Explorer Microsoft Corporation
procexp.exe 5116 1.52 Sysinternals Process Explorer Sysinternals
atmclk.exe 3880
explorer.exe 2292 Windows Explorer Microsoft Corporation
atmclk.exe 3624
DSentry.exe 1288 DVDSentry Dell - Advanced Desktop Engineering
mcvsshld.exe 3408 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
McVSEscn.exe 3000 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
mcagent.exe 3488 McAfee SecurityCenter Agent McAfee, Inc
jusched.exe 2700 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
WkUFind.exe 3712 Microsoft® Works Update Detection Microsoft® Corporation
tgcmd.exe 2788 Support.com Scheduler and Command Dispatcher Support.com, Inc.
moffice.exe 2556 MOffice MFC Application
mouse32a.exe 3704
qttask.exe 2760 QuickTime Task Apple Computer, Inc.
DSAgnt.exe 868 Dell Support Gteko Ltd.
msnmsgr.exe 4008 MSN Messenger Microsoft Corporation
swdoctor.exe 2116 Spyware Doctor PC Tools Research Pty Ltd
iexplore.exe 2968 Internet Explorer Microsoft Corporation
aolsoftware.exe 1620 AOL America Online, Inc.
aim6.exe 5828 AIM America Online, Inc.

Process: System Pid: 4

Name Description Company Name Version
ACPI.sys ACPI Driver for NT Microsoft Corporation 5.01.2600.2180
aeaudio.sys Andrea Audio Stub Driver Andrea Electronics Corporation 1.00.0000.0000
afd.sys Ancillary Function Driver for WinSock Microsoft Corporation 5.01.2600.2180
agp440.sys 440 NT AGP Filter Microsoft Corporation 5.01.2600.2180
asyncmac.sys MS Remote Access serial network driver Microsoft Corporation 5.01.2600.2180
atapi.sys IDE/ATAPI Port Driver Microsoft Corporation 5.01.2600.2180
ATMFD.DLL Windows NT OpenType/Type 1 Font Driver Adobe Systems Incorporated 5.01.0002.0226
audstub.sys AudStub Driver Microsoft Corporation 5.01.2600.0000
BCMSM.sys Modem Device Driver Broadcom Corporation 3.05.0025.0000
Beep.SYS BEEP Driver Microsoft Corporation 5.01.2600.0000
BOOTVID.dll VGA Boot Driver Microsoft Corporation 5.01.2600.0000
Cdfs.SYS CD-ROM File System Driver Microsoft Corporation 5.01.2600.2180
Cdr4_xp.SYS CDR4_XP CDR Helper Roxio 5.02.0000.0091
Cdralw2k.SYS CDRAL for Windows 2000 Kernel Driver Roxio 5.02.0000.0091
cdrom.sys SCSI CD-ROM Driver Microsoft Corporation 5.01.2600.2180
cdudf_xp.SYS CD-UDF NT Filesystem Driver Roxio 5.02.0000.0091
CLASSPNP.SYS SCSI Class System Dll Microsoft Corporation 5.01.2600.2180
DcCam.sys Kodak Digital Camera Driver Eastman Kodak Company 1.07.0614.0000
dcfs2k.sys Kodak DC File System Driver (NT) Eastman Kodak Company 1.00.4100.0007
disk.sys PnP Disk Driver Microsoft Corporation 5.01.2600.2180
drmk.sys Microsoft Kernel DRM Descrambler Filter Microsoft Corporation 5.01.2600.2180
dump_atapi.sys
dump_WMILIB.SYS
Dxapi.sys DirectX API Driver Microsoft Corporation 5.01.2600.0000
dxg.sys DirectX Graphics Driver Microsoft Corporation 5.01.2600.2180
dxgthk.sys DirectX Graphics Driver Thunk Microsoft Corporation 5.01.2600.0000
e100b325.sys NDIS 5 driver Intel Corporation 6.01.0003.0010
EXPORTIT.SYS Kodak DC File System driver Eastman Kodak Company 1.00.8900.0009
Fastfat.SYS Fast FAT File System Driver Microsoft Corporation 5.01.2600.2180
fdc.sys Floppy Disk Controller Driver Microsoft Corporation 5.01.2600.2180
Fips.SYS FIPS Crypto Driver Microsoft Corporation 5.01.2600.0000
flpydisk.sys Floppy Driver Microsoft Corporation 5.01.2600.2180
fltmgr.sys Microsoft Filesystem Filter Manager Microsoft Corporation 5.01.2600.2180
Fs_Rec.SYS File System Recognizer Driver Microsoft Corporation 5.01.2600.0000
ftdisk.sys FT Disk Driver Microsoft Corporation 5.01.2600.0000
GEARAspiWDM.sys CDRom Class Filter Driver GEAR Software Inc. 2.00.0004.0003
guard.sys
hal.dll Hardware Abstraction Layer DLL Microsoft Corporation 5.01.2600.2180
HTTP.sys HTTP Protocol Stack Microsoft Corporation 5.01.2600.2525
i2omgmt.SYS I2O Utility Filter Microsoft Corporation 5.01.2600.2180
i8042prt.sys i8042 Port Driver Microsoft Corporation 5.01.2600.2180
ikhfile.sys PCTools Research Pty Ltd. 3.06.0001.1007
ikhlayer.sys PCTools Research Pty Ltd. 3.06.0001.1007
imapi.sys IMAPI Kernel Driver Microsoft Corporation 5.01.2600.2180
intelide.sys Intel PCI IDE Driver Microsoft Corporation 5.01.2600.2180
intelppm.sys Processor Device Driver Microsoft Corporation 5.01.2600.2180
ipnat.sys IP Network Address Translator Microsoft Corporation 5.01.2600.2524
ipsec.sys IPSec Driver Microsoft Corporation 5.01.2600.2180
isapnp.sys PNP ISA Bus Driver Microsoft Corporation 5.01.2600.0000
kbdclass.sys Keyboard Class Driver Microsoft Corporation 5.01.2600.2180
KDCOM.DLL Kernel Debugger HW Extension DLL Microsoft Corporation 5.01.2600.0000
kmixer.sys Kernel Mode Audio Mixer Microsoft Corporation 5.01.2600.2180
ks.sys Kernel CSA Library Microsoft Corporation 5.03.2600.2180
KSecDD.sys Kernel Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
L8042Pr2.sys Logitech PS/2 Mouse Filter Driver. Logitech, Inc. 9.70.0209.0000
LKbdFlt2.sys Logitech Filter Driver for Keyboard Class. Logitech, Inc. 9.70.0209.0000
LMouFlt2.sys Logitech Filter Driver for Mouse Class. Logitech, Inc. 9.70.0209.0000
mc24E.tmp
mmc_2K.SYS CD-R/RW AddOn MMC Driver (W2K) Roxio 5.02.0000.0091
mnmdd.SYS Frame buffer simulator Microsoft Corporation 5.01.2600.0000
Modem.SYS Modem Device Driver Microsoft Corporation 5.01.2600.2180
MODEMCSA.sys Unimodem CSA Filter Microsoft Corporation 5.01.2600.0000
mouclass.sys Mouse Class Driver Microsoft Corporation 5.01.2600.2180
MountMgr.sys Mount Manager Microsoft Corporation 5.01.2600.2180
mrxdav.sys Windows NT WebDav Minirdr Microsoft Corporation 5.01.2600.2180
mrxsmb.sys Windows NT SMB Minirdr Microsoft Corporation 5.01.2600.2598
Msfs.SYS Mailslot driver Microsoft Corporation 5.01.2600.2180
msgpc.sys MS General Packet Classifier Microsoft Corporation 5.01.2600.2180
mssmbios.sys System Management BIOS Driver Microsoft Corporation 5.01.2600.2180
Mup.sys Multiple UNC Provider driver Microsoft Corporation 5.01.2600.2180
NaiFiltr.sys NaiFiltr Device Driver Network Associates, Inc. 6.00.0000.0100
NDIS.sys NDIS 5.1 wrapper driver Microsoft Corporation 5.01.2600.2180
ndistapi.sys NDIS 3.0 connection wrapper driver Microsoft Corporation 5.01.2600.0000
ndisuio.sys NDIS User mode I/O Driver Microsoft Corporation 5.01.2600.2180
ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft Corporation 5.01.2600.2180
NDProxy.SYS NDIS Proxy Microsoft Corporation 5.01.2600.0000
netbios.sys NetBIOS interface driver Microsoft Corporation 5.01.2600.2180
netbt.sys MBT Transport driver Microsoft Corporation 5.01.2600.2180
Npfs.SYS NPFS Driver Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
Ntfs.sys NT File System Driver Microsoft Corporation 5.01.2600.2180
ntoskrnl.exe NT Kernel & System Microsoft Corporation 5.01.2600.2622
Null.SYS NULL Driver Microsoft Corporation 5.01.2600.0000
nv4_disp.dll NVIDIA Compatible Windows 2000 Display driver, Version 52.16 NVIDIA Corporation 6.14.0010.5216
nv4_mini.sys NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 NVIDIA Corporation 6.14.0010.5216
omci.sys OMCI Device Driver Dell Computer Corporation 7.00.0318.0000
parport.sys Parallel Port Driver Microsoft Corporation 5.01.2600.2180
PartMgr.sys Partition Manager Microsoft Corporation 5.01.2600.0000
ParVdm.SYS VDM Parallel Driver Microsoft Corporation 5.01.2600.0000
pci.sys NT Plug and Play PCI Enumerator Microsoft Corporation 5.01.2600.2180
PCIIDEX.SYS PCI IDE Bus Driver Extension Microsoft Corporation 5.01.2600.2180
portcls.sys Port Class (Class Driver for Port/Miniport Devices) Microsoft Corporation 5.01.2600.2180
PROCEXP100.SYS
psched.sys MS QoS Packet Scheduler Microsoft Corporation 5.01.2600.2180
ptilink.sys Parallel Technologies DirectParallel IO Library Parallel Technologies, Inc. 1.01.0000.0000
pwd_2k.SYS Win2000 Framework for Packet Write Driver Roxio 5.02.0000.0091
PxHelp20.sys Px Engine Device Driver for Windows 2000/XP Sonic Solutions 2.03.0018.0000
rasacd.sys RAS Automatic Connection Driver Microsoft Corporation 5.01.2600.0000
rasl2tp.sys RAS L2TP mini-port/call-manager driver Microsoft Corporation 5.01.2600.2180
raspppoe.sys RAS PPPoE mini-port/call-manager driver Microsoft Corporation 5.01.2600.2180
raspptp.sys Peer-to-Peer Tunneling Protocol Microsoft Corporation 5.01.2600.2180
raspti.sys PTI DirectParallel(R) mini-port/call-manager driver Microsoft Corporation 5.01.2600.0000
rdbss.sys Redirected Drive Buffering SubSystem Driver Microsoft Corporation 5.01.2600.2541
RDPCDD.sys RDP Miniport Microsoft Corporation 5.01.2600.0000
redbook.sys Redbook Audio Filter Driver Microsoft Corporation 5.01.2600.2180
serenum.sys Serial Port Enumerator Microsoft Corporation 5.01.2600.2180
serial.sys Serial Device Driver Microsoft Corporation 5.01.2600.2180
smwdm.sys SoundMAX Integrated Digital Audio Analog Devices, Inc. 5.12.0001.3515
sr.sys System Restore Filesystem Filter Driver Microsoft Corporation 5.01.2600.2180
srv.sys Server driver Microsoft Corporation 5.01.2600.2673
swenum.sys Plug and Play Software Device Enumerator Microsoft Corporation 5.03.2600.2180
sysaudio.sys System Audio WDM Filter Microsoft Corporation 5.01.2600.2180
tcpip.sys TCP/IP Protocol Driver Microsoft Corporation 5.01.2600.2827
TDI.SYS TDI Wrapper Microsoft Corporation 5.01.2600.2180
termdd.sys Terminal Server Driver Microsoft Corporation 5.01.2600.2180
TSDDD.dll Framebuffer Display Driver Microsoft Corporation 5.01.2600.2180
UdfReadr_xp.SYS CD-UDF NT Filesystem Reader Driver Roxio 5.02.0000.0091
update.sys Update Driver Microsoft Corporation 5.01.2600.2180
USBD.SYS Universal Serial Bus Driver Microsoft Corporation 5.01.2600.0000
usbehci.sys EHCI eUSB Miniport Driver Microsoft Corporation 5.01.2600.2180
usbhub.sys Default Hub Driver for USB Microsoft Corporation 5.01.2600.2180
USBPORT.SYS USB 1.1 & 2.0 Port Driver Microsoft Corporation 5.01.2600.2180
usbuhci.sys UHCI USB Miniport Driver Microsoft Corporation 5.01.2600.2180
vga.sys VGA/Super VGA Video Driver Microsoft Corporation 5.01.2600.2180
VIDEOPRT.SYS Video Port Driver Microsoft Corporation 5.01.2600.2180
VolSnap.sys Volume Shadow Copy Driver Microsoft Corporation 5.01.2600.2180
wanarp.sys MS Remote Access and Routing ARP Driver Microsoft Corporation 5.01.2600.2180
watchdog.sys Watchdog Driver Microsoft Corporation 5.01.2600.2180
wdmaud.sys MMSYSTEM Wave/Midi API mapper Microsoft Corporation 5.01.2600.2180
win32k.sys Multi-User Win32 Driver Microsoft Corporation 5.01.2600.2770
WMILIB.SYS WMILIB WMI support library Dll Microsoft Corporation 5.01.2600.0000
ws2ifsl.sys Winsock2 IFS Layer Microsoft Corporation 5.01.2600.0000
Senior Member
1. May 2006 @ 01:14
Hi jerrold3

I found 2 probably bad .exe files.

But this file isn't what I want.
Quote:
Choose "View" and check that these lines are marked:

Show Processes From All Users
Show Lower Pane
Lower Pane View DLLs

Then click Explorer.exe in that window.
Then select "File" > Save As > and save the log.
Send that log here please.
We'll find those bad *.dll files and the bastard can be destroyed.

Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
jerrold3
Newbie
1. May 2006 @ 23:11
This should hopefully be correct. My apologies as I'd never used that program before.


Process PID CPU Description Company Name
System Idle Process 0 82.61
Interrupts n/a Hardware Interrupts
DPCs n/a 1.45 Deferred Procedure Calls
System 4
smss.exe 596 Windows NT Session Manager Microsoft Corporation
csrss.exe 644 1.45 Client Server Runtime Process Microsoft Corporation
winlogon.exe 668 Windows NT Logon Application Microsoft Corporation
services.exe 712 Services and Controller app Microsoft Corporation
svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 952 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1432 Spooler SubSystem App Microsoft Corporation
cisvc.exe 1788 Content Index service Microsoft Corporation
CIDAEMON.EXE 3952 Indexing Service filter daemon Microsoft Corporation
ewidoctrl.exe 1812 ewido control ewido networks
ewidoguard.exe 1828 guard ewido networks
Mcdetect.exe 1864 McAfee WSC Integration Service McAfee, Inc
McTskshd.exe 2016 McAfee Task Scheduler McAfee, Inc
mcvsrte.exe 252 McAfee VirusScan Real-time Engine Networks Associates Technology, Inc
nvsvc32.exe 308 NVIDIA Driver Helper Service, Version 52.16 NVIDIA Corporation
sdhelp.exe 452 PC Tools Research Pty Ltd
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 1012 Windows User Mode Driver Manager Microsoft Corporation
McShield.exe 2152 7.25 NT On-Access Scanner service. Network Associates, Inc.
alg.exe 2624 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 1532 iPodService Module Apple Computer, Inc.
lsass.exe 724 LSA Shell (Export Version) Microsoft Corporation
csrss.exe 3612 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1320 Windows NT Logon Application Microsoft Corporation
mcvsftsn.exe 2980 McAfee VirusScan Instant Messenger Scan Module Networks Associates Technology, Inc
msmsgs.exe 4040 Windows Messenger Microsoft Corporation
explorer.exe 1676 1.45 Windows Explorer Microsoft Corporation
DSentry.exe 168 DVDSentry Dell - Advanced Desktop Engineering
mcvsshld.exe 152 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
McVSEscn.exe 212 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
mcagent.exe 204 McAfee SecurityCenter Agent McAfee, Inc
jusched.exe 236 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
WkUFind.exe 320 Microsoft® Works Update Detection Microsoft® Corporation
tgcmd.exe 492 Support.com Scheduler and Command Dispatcher Support.com, Inc.
moffice.exe 552 MOffice MFC Application
mouse32a.exe 1232
qttask.exe 884 QuickTime Task Apple Computer, Inc.
DSAgnt.exe 1124 Dell Support Gteko Ltd.
iexplore.exe 3728 Internet Explorer Microsoft Corporation
iexplore.exe 5172 Internet Explorer Microsoft Corporation
procexp.exe 5668 5.80 Sysinternals Process Explorer Sysinternals
atmclk.exe 3880
explorer.exe 2292 Windows Explorer Microsoft Corporation
atmclk.exe 3624
DSentry.exe 1288 DVDSentry Dell - Advanced Desktop Engineering
mcvsshld.exe 3408 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
McVSEscn.exe 3000 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
mcagent.exe 3488 McAfee SecurityCenter Agent McAfee, Inc
jusched.exe 2700 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
WkUFind.exe 3712 Microsoft® Works Update Detection Microsoft® Corporation
tgcmd.exe 2788 Support.com Scheduler and Command Dispatcher Support.com, Inc.
moffice.exe 2556 MOffice MFC Application
mouse32a.exe 3704
qttask.exe 2760 QuickTime Task Apple Computer, Inc.
DSAgnt.exe 868 Dell Support Gteko Ltd.
msnmsgr.exe 4008 MSN Messenger Microsoft Corporation
swdoctor.exe 2116 Spyware Doctor PC Tools Research Pty Ltd
iexplore.exe 1000 Internet Explorer Microsoft Corporation
aolsoftware.exe 1620 AOL America Online, Inc.
aim6.exe 5828 AIM America Online, Inc.

Process: explorer.exe Pid: 1676

Name Description Company Name Version
acgenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.2180
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
batmeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180
browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2861
clbcatq.dll Microsoft Corporation 2001.12.4414.0308
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
comres.dll Microsoft Corporation 2001.12.4414.0258
context.dll Context-Menu (Shell Extension) ewido networks 1.00.0000.0001
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
cryptnet.dll Crypto Network Related API Microsoft Corporation 5.131.2600.2180
cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
CTYPE.NLS
davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
duser.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
eg.dat 3.06.0000.1003
explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.2180
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
GdiPlus.dll Microsoft GDI+ Microsoft Corporation 5.01.3102.2180
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
INDEX.DAT
index.dat
INDEX.DAT
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2180
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2180
klg.DAT Spyware Doctor PC Tools 3.06.0000.1039
lang.dll lang privat 1.00.0000.0001
linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
locale.nls
mcvsshl.dll McAfee VirusScan Shell Extension Module Networks Associates Technology, Inc 8.00.0000.0015
McVSSkt.Dll McAfee VirusScan Winsock Helper DLL Networks Associates Technology, Inc 8.00.0000.0030
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
mouDL32A.dll WIN32 Mouse Dynamic Link Library 3.00.0002.0000
mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
MSACM32.DRV Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
msgina.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
msvcp71.dll Microsoft® C++ Runtime Library Microsoft Corporation 7.10.4301.0000
msvcr71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.6014.0004
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180
netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
netui0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180
netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
op_shell.dll Outpost Shell Handler Agnitum Ltd. 3.51.0748.6419
powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.2180
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
sdchook.dll sdchook Support.com, Inc. 5.05.0623.0000
sdcidle.dll Idle DLL SupportSoft 1.00.0000.0004
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180
SERWVDRV.DLL Unimodem Serial Wave driver Microsoft Corporation 5.01.2600.0000
setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
shdoclc.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2180
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2877
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2869
shellextension.dll Microsoft AntiSpyware Shell Extension Microsoft Corporation 1.00.0701.0010
shellhook.dll 1.00.0000.0001
shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000
shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
shimgvw.dll Windows Picture and Fax Viewer Microsoft Corporation 6.00.2900.2180
shlres.dll McAfee VirusScan Shell Extension Resource Networks Associates Technology, Inc 8.00.0000.0012
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2861
SORTKEY.NLS
sorttbls.nls
stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180
swpg.DAT Spyware Doctor PC Tools 3.06.0000.1069
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
tapi32.dll Microsoft® Windows(TM) Telephony API Client DLL Microsoft Corporation 5.01.2600.2180
themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
UMDMXFRM.DLL Unimodem Tranform Module Microsoft Corporation 5.01.2600.0000
UNICODE.NLS
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2870
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
webcheck.dll Web Site Monitor Microsoft Corporation 6.00.2900.2180
winhttp.dll Windows HTTP Services Microsoft Corporation 5.01.2600.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2861
winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
wuapi.dll Windows Update Client API Microsoft Corporation 5.08.0000.2469
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
zipfldr.dll Compressed (zipped) Folders Microsoft Corporation 6.00.2900.2180

This message has been edited since posting. Last time this message was edited on 1. May 2006 @ 23:11

Senior Member
2. May 2006 @ 05:23
Hi, jerrold3,

Run Killbox.

Choose

* Delete on Reboot
* Click the All Files option.


# Copy the following lines to the clipboard:

C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\ot.ico
C:\WINDOWS\System32\simpole.tlb
C:\WINDOWS\System32\stdole3.tlb
C:\WINDOWS\System32\ts.ico


# Return to Killbox, go to File, and choose Paste from Clipboard.

# Click the red-and-white Delete File button. Click Yes at "Delete on Reboot".
Click OK on every PendingFileRenameOperations prompt and let me know if any appear.

Your computer should restart now. If not, reboot it yourself.


Send a fresh HijackThis log and tell me whether that helps.


Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
jerrold3
Newbie
2. May 2006 @ 20:37
Fresh Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:34:44 AM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0241FF11-A7E1-5092-8456-3DFA7F6DE6FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1BC8AD41-2234-140B-9B49-00434FC5AE62} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {21B4D129-A414-574D-8FDB-462B13594027} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {32292AFB-AE93-3F4F-65F1-70C7361F3012} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {343E3F35-089D-1793-101F-5BC76A2AB35B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3F9ED016-F987-16FD-6B43-5A41462CA94A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {4E3E5CF1-C65E-71DF-B1C1-3CD80BA9AD87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6B1A7B84-AC29-7F07-BFB5-04A51504A476} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7A49177F-6001-1A9E-8489-05461284E76B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7FC27242-2F87-2C8F-51DE-42627A3F38AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/m...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Senior Member
3. May 2006 @ 00:38
Hi jerrold3

Run a HijackThis scan and check these:

O16 - DPF: {0241FF11-A7E1-5092-8456-3DFA7F6DE6FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1BC8AD41-2234-140B-9B49-00434FC5AE62} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {21B4D129-A414-574D-8FDB-462B13594027} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {32292AFB-AE93-3F4F-65F1-70C7361F3012} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {343E3F35-089D-1793-101F-5BC76A2AB35B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3F9ED016-F987-16FD-6B43-5A41462CA94A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E3E5CF1-C65E-71DF-B1C1-3CD80BA9AD87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6B1A7B84-AC29-7F07-BFB5-04A51504A476} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7A49177F-6001-1A9E-8489-05461284E76B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7FC27242-2F87-2C8F-51DE-42627A3F38AF} - http://85.255.113.214/1/gdnUS2218.exe

Close all windows except HijackThis and click Fix Checked.

Update Ewido.

Boot into safe mode, launch ewido and go to settings.
Mark "scan every file".
Then run a complete system scan, save the report and send it
with a fresh HijackThis log.

Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
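The O16 entries picked out in the post above share three traits: no control name, a codebase on a raw IP address, and a bare .exe instead of a .cab. The sketch below is an added example, not part of the original thread. It applies those traits as heuristics to HijackThis O16 lines; the function names, the threshold and the choice of heuristics are assumptions for illustration, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: lines in HijackThis v1.99.1 format, taken from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O16 - DPF: {0241FF11-A7E1-5092-8456-3DFA7F6DE6FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1BC8AD41-2234-140B-9B49-00434FC5AE62} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# O16 = "Downloaded Program Files" (ActiveX) entries.
# Only CLSID-keyed entries are matched; other O16 shapes are skipped.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<url>\S+)$"
)


def parse_o16(log_text):
    """Return a list of dicts (clsid, name, url) for every O16 line."""
    entries = []
    for line in log_text.splitlines():
        match = O16_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def reasons(entry):
    """Heuristic indicators (assumed for this example) that an entry needs review."""
    found = []
    if entry["name"] is None:
        found.append("no control name registered")
    if host_is_ip(entry["url"]):
        found.append("codebase host is a raw IP address")
    if urlsplit(entry["url"]).path.lower().endswith(".exe"):
        found.append("codebase is a bare .exe, not a .cab")
    return found


def triage(log_text, threshold=2):
    """Group CLSIDs by codebase URL for entries with >= threshold indicators.

    Many CLSIDs registered against one URL is itself a strong signal.
    """
    flagged = defaultdict(list)
    for entry in parse_o16(log_text):
        if len(reasons(entry)) >= threshold:
            flagged[entry["url"]].append(entry["clsid"])
    return dict(flagged)


if __name__ == "__main__":
    for url, clsids in triage(SAMPLE_LOG).items():
        print(f"{len(clsids)} CLSID(s) -> {url}")
        for clsid in clsids:
            print("   ", clsid)
```

The output is a review list only; the flagged lines still have to be checked and fixed in HijackThis as described in the post.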
jerrold3
Newbie
3. May 2006 @ 07:46
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:38:57 AM, 5/3/2006
+ Report-Checksum: 9D0CBF30

+ Scan result:

C:\Documents and Settings\Jerrold\Cookies\jerrold@2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@e-2dj6wjnyenczscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Jerrold\Cookies\jerrold@zedo[2].txt -> TrackingCookie.Zedo : Cleaned without backup
C:\HJT\backups\backup-20060430-182227-810.dll -> Downloader.Zlob.my : Cleaned without backup


::Report End




Logfile of HijackThis v1.99.1
Scan saved at 11:43:21 AM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/m...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

I get some sort of firewall message popup now on the task bar.
Senior Member
3. May 2006 @ 07:51
Logs look clean.

What does that message say?

Oh, so there are no such spammers after all -> tapiiri

http://www.virustorjunta.net/index.php
jerrold3
Newbie
3. May 2006 @ 08:07
HELP!!! theguardservices.com is back. Two new taskbar icons, the flashing exclamation point is back and now a flashing red circle with the diagonal line through it. Here's an extra fresh hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:28 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp67DF.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/m...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Senior Member
3. May 2006 @ 08:12
Have you tried using that SmitfraudFix again? Be sure that all files are extracted.


Oh, so there are no such spammers after all -> tapiiri

http://www.virustorjunta.net/index.php
 